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Claims 

Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently amended) A method for compiling parser scripts each corresponding to 
the structure of security data received from a network component comprising th e s t e ps of : 

a) identifying sets of data categories, each set corresponding to security data 

received from one of a plurality of network components; 

b) constructing database record definitions, each defining a record subdivided 

in accordance with one of the sets of data categories; 

g) writing parser scripts that receive security data from the network 

components and output records, each record corresponding to one of the record 
definitions; and 

d) storing said parser scripts in a data storage . 

2. (Currently amended) The method of claim 1 further comprising th e st e ps of : 

e) determining the format of each category in said sets; and 

f) formatting the subdivisions to match the formats of the categories of the set 

to which the definition corresponds; [[and]] 

wherein each of the output records of st e p (c) correspond in format to one of the 
record definitions. 



3. (Currently amended) The method of claim 1 further comprising- 

e) building database tables in a relational database each having the fields of 

one of the database record definitions; and 

f) - inserting output records received from the parser scripts into the tables. 
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4. (Currently amended) The method of claim 2 further comprising th e st e ps of : 

§) building database tables in a relational database each having the fields and 

formats of one of the database record definitions; and 

h) inserting output records received from the parser scripts into the tables. 

5. (Currently amended) The method of claim 1 wherein[[:]] at least one of the sets of 
data categories is identified , at le ast i n part, from by the product specifications of the 
network components. 

6. (Currently amended) The method of claim 1 wherein[[:]] at least one of the sets of 
data categories is identified , a t lea st i n part, by applying a Management Information Base 
(MIB) integrator to a Management Information Base for the corresponding network 
component. 

7. (Currently amended) A n i nform a t i on n e twork se cur i ty data comp il at i on system, 
comprising: 

a) a first network component; 

b) — —a second network component; 

a data storage element: and 

g) a data parser coupled to the first and second network components having 

access to a first parser script and a second parser script stored in the data storage 
element , the data parser is operable to produce categorized data from the data 
received from the first and second network components data interface operating 
with the first and second parser scripts, respectively. 

8. (Currently amended) The d a ta compi la t i on system of claim 7 whereinf-a) the first 
network component is a firewall and b) — the second network component is an intrusion 
detection system. 
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9. (Currently amended) The data comp il ation system of claim 7 further comprising: 

a) a third network component^ and 

b) a distributed data manager; [[and]] 

wherein[[:]] the data parser is coupled to the second and third network components 
through the distributed data manager A which collects and compresses data from 
the second and third network components and forwards the compressed data to 
the data parser. 

10. (Currently amended) The d a t a comp il at i on system of claim 7 further comprising: 

a) a third network component; 

b) a second data parser coupled to the third component having access to a 

third parser script, the second data parser operable to produce categorized data 
from the data received from the third network component with the third parser 
script; and 

g) a relational database coupled to the first and second data parsers. 

1 1 . (Currently amended) The d a ta compi la t i on system of claim 7 further comprising: 

a) a display coupled to the data parser; and 

b) a relational database coupled between the data parser and the display 7 

o r\ri ■ 

wherein[[:]] the data parser transfers the categorized data to the relational 
database. 

12. (Currently amended) The data comp i l a t i on system of claim 11 wherein[[:]] the 
relational database receives a data query and the display shows a portion of the 
categorized data, up to and including all the data[[,]] from the relational database, 
corresponding to the data query. 
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13. (Currently amended) The data comp il at i on system of claim 12 wherein[[:]] the data 
queries are submitted through a web browser interface and the display shows the 
portions ar e shown through [[a]] the web browser interface. 

14. (Currently amended) The d a ta comp ila t i on system of claim 7 further comprisingf-a) 
an event detector coupled to the data parser^ arid— wherein[[:]] the event detector 
compares the categorized data to a predetermined event definition and provides a signal 
that indicates that ffifll a match is found between the categorized data and the 
predetermined event definition . 

15. (Currently amended) The data comp il at i on system of claim 7 further comprising^-a) 
an information technology agent and wherein[[:]] the network component is programmed 
by software, the agent collects security data from the software, and the data provided 
from the first network component is the security data collected by the agent. 

16. (Currently amended) The data comp il at i on system of claim 7 wherein[[:]] data 
produced by the data parser produc e s is_formatted and categorized-data. 

17. (Currently amended) The data compilat i on system of claim 7 wherein[[:]] data from 
the first network component is security data and data from the second network 
component is security data. 

18. (Currently amended) The data compilat i on system of claim 7 wherein[[:]] data from 
the first network component is encrypted and decrypted. 
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19. (Currently amended) A method of compiling network security data comprising4he 
st e p s of : 

a) collecting security data from a plurality of network components; 

b) accessing a plurality of different parser scripts, each script corresponding to 

one of the network components; 

o) applying the plurality of different parser scripts to the security data to 

produce categorized and formatted data; and 

d) storing the categorized and formatted data in a data storage . 

20. (Currently amended) The method of claim 19 wherein[[:]] the plurality of network 
components i nc l ud es at le ast comprises a firewall and an intrusion detection system. 

21 . (Currently amended) The method of claim 19 further comprising the steps of: 

e) transmitting the categorized and formatted data to a relational database; 

f) providing a user interface for submitting queries to the relational database; 

and 

g) displaying the categorized and formatted data, or a subset thereof, in 

accordance with submitted queries. 

22. (Currently amended) The method of claim 21 wherein[[:]] st e p ( e ) transmitting 
occurs prior to stee4d )storing and st e p (d) storing comprises storing the categorized and 
formatted data in the relational database. 

23. (Currently amended) The method of claim 19 further comprising the steps of: 

e) comparing the categorized and formatted data to at least one 

predetermined event definition; and 

f) generating a signal that indicates that ffifll the data matches at least one 

event definition[[s]]. 
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24. (Currently amended) The method of claim 19 wherein[[:]] one of the network 
components is programmed by software and an information technology agent 
communicates with the software to collect the security data. 

25. (Currently amended) The method of claim 19 wherein[[:]] the step of collecting 
occurs in real time rather than in batches. 

26. (Currently amended) The method of claim 19 wherein[[:]] at least two of the 
plurality of different data constructs correspond to the same network component. 



405948.01/2416-00200 



Page 7 of 10 



